Where is the keystore for LDAPS linked for Spectrum OneClick server setup

Article ID: 107100

Products

CA Spectrum

Issue/Introduction

The CA Spectrum OneClick service (OC-server) can be configured with secured LDAP (LDAPS) only through the default Spectrum keystore configuration. The LDAPS-related certificate must therefore be part of the default keystore, $SPECROOT/custom/keystore/cacerts.

The CA Spectrum OneClick configuration for the Tomcat web server does allow the keystore location (along with the keystore filename and key password) to be specified through the "keystore" parameter in ./tomcat/conf/server.xml. That setting affects the Tomcat connector (for HTTPS), but it has no effect on the LDAPS connector.

The LDAPS connector uses only the default keystore file, "cacerts".

Environment

This applies to any OC-server platform, regardless of OS or host.

Resolution

Even when a specific keystore file is used for the OneClick HTTPS service, add the certificate required by the LDAPS connector to the default keystore, $SPECROOT/custom/keystore/cacerts. In practice, the default keystore file then serves only the LDAPS connector certificate.
 
This functionality is addressed as part of the improvements planned after CA Spectrum R10.3.
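
The shell functions below are an added example, not part of the original article or of CA Spectrum: they import a certificate into the default keystore only when its SHA-256 fingerprint is not already trusted there, then confirm the result. They assume the JDK `keytool` is on the PATH, `SPECROOT` is set, and the keystore password is exported in `KEYSTORE_PASS`; the file name `ldaps-ca.pem` and alias `ldaps-ca` are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Assumptions: keytool on PATH, SPECROOT set,
# keystore password exported in KEYSTORE_PASS (read via -storepass:env so it
# does not appear in the process list).

# Print the SHA-256 fingerprints found in `keytool -printcert` or
# `keytool -list -v` output read from stdin, normalized to bare upper-case hex.
sha256_fps() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | tr -d ': \r' | tr 'a-f' 'A-F'
}

# Succeed if fingerprint $1 is among the fingerprints in the keytool output on stdin.
has_fp() {
    want=$(printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F')
    sha256_fps | grep -qx "$want"
}

# Import certificate file $1 under alias $2 into the default OneClick keystore,
# unless a certificate with the same fingerprint is already trusted there.
ensure_ldaps_cert() {
    cert=$1
    name=$2
    [ -n "$SPECROOT" ] || { echo "SPECROOT is not set" >&2; return 1; }
    store="$SPECROOT/custom/keystore/cacerts"
    fp=$(keytool -printcert -file "$cert" | sha256_fps | head -n 1)
    [ -n "$fp" ] || { echo "cannot read certificate $cert" >&2; return 1; }
    if keytool -list -v -keystore "$store" -storepass:env KEYSTORE_PASS | has_fp "$fp"; then
        echo "already present in $store: $fp"
        return 0
    fi
    cp -p "$store" "$store.bak" || return 1   # rollback copy before modifying
    keytool -importcert -noprompt -trustcacerts -alias "$name" -file "$cert" \
        -keystore "$store" -storepass:env KEYSTORE_PASS || return 1
    # Confirm the fingerprint is now listed in the keystore the LDAPS connector reads.
    keytool -list -v -keystore "$store" -storepass:env KEYSTORE_PASS | has_fp "$fp"
}

# Usage (hypothetical file and alias): ensure_ldaps_cert ldaps-ca.pem ldaps-ca
```

Comparing fingerprints rather than aliases catches the case where an alias exists but holds a different, for example expired, certificate.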